VMware, SharePoint Hacked in $435,000 Pwn2Own Blitz

Security researchers disclosed a series of critical zero-day vulnerabilities affecting major enterprise platforms during Day Two of the Pwn2Own Berlin 2025 contest, with total winnings reaching $435,000. Hosted at OffensiveCon, the event featured successful exploits targeting VMware ESXi, Microsoft SharePoint, Mozilla Firefox, and Red Hat Enterprise Linux.

In a first for the contest, a researcher from STARLabs SG compromised VMware ESXi using an integer overflow, earning $150,000. Viettel Cyber Security exploited Microsoft SharePoint by chaining an authentication bypass and insecure deserialization, securing $100,000. Firefox was breached via an out-of-bounds write by Palo Alto Networks researchers, who took home $50,000.

STARLabs SG also exploited a use-after-free vulnerability in Red Hat Enterprise Linux, earning $10,000. Other successful attacks targeted Oracle VirtualBox and Redis, along with a complex four-bug chain against NVIDIA’s Triton Inference Server. All flaws were disclosed responsibly, with vendors given 90 days to issue patches. The contest continues with Day Three on May 17.
